From d0213d4581c039d6e39371886af504abf652de90 Mon Sep 17 00:00:00 2001
From: Nicklas Lundin <nicklasl@spotify.com>
Date: Tue, 19 May 2026 10:49:17 +0200
Subject: [PATCH] ci: declare minimum permissions on workflow files

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .github/workflows/ci-pull-request.yaml | 3 +++
 .github/workflows/lint-pr-name.yaml    | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/.github/workflows/ci-pull-request.yaml b/.github/workflows/ci-pull-request.yaml
index 64a44c1a..fe05c9d8 100644
--- a/.github/workflows/ci-pull-request.yaml
+++ b/.github/workflows/ci-pull-request.yaml
@@ -8,6 +8,9 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read
+
 jobs:
   test:
     name: Build/Test
diff --git a/.github/workflows/lint-pr-name.yaml b/.github/workflows/lint-pr-name.yaml
index 04b7fab4..29fe434e 100644
--- a/.github/workflows/lint-pr-name.yaml
+++ b/.github/workflows/lint-pr-name.yaml
@@ -7,6 +7,10 @@ on:
       - edited
       - synchronize
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   main:
     name: Validate PR title